IT Security News Blast 02-21-2018

Cybercrime weighs most heavily on financial service firms
The financial services industry was found to incur cyberattack-induced cost of nearly $18.3 million per firm in 2017 following on from an increase of 10 percent year-over-year, and 40 percent since 2014, according to the report, called “2017 Cost of Cyber Crime Study”. Fifteen sectors in seven countries were measured, with utilities and energy ($17.2 million) coming in second in this regard, followed by aerospace and defense ($14.5 million).
https://www.welivesecurity.com/2018/02/20/cybercrime-weighs-financial-services/

Cybersecurity incident response: Plan now to avoid finger-pointing later
“Most orgs incident response plans are severely lacking or not even followed,” Garrett said. “This leads to more spending on incident response and longer periods of time elapsing before a breach is detected and contained, thus jeopardizing more patient info and risking higher OCR fines.” Additionally, he said healthcare is still relatively immature from an information security perspective, with most info security officers still focusing on the basics of buying software security tools. They don’t always think about processes needed to make sure tools are used properly and optimally, Garrett said.
http://www.healthcarefinancenews.com/news/cybersecurity-incident-response-plan-now-avoid-finger-pointing-later

County suffers cyber attack
Davidson County agencies are still suffering the after effects of a Feb. 16 cyber attack that shut down county networks, crippling operations of multiple government agencies. Davidson County Commissioners held an emergency meeting Friday to determine the extent of the damage, as well as the best methods to recover from it. During the meeting invocation Steve Jarvis prayed for help to navigate the current challenges, as well as retribution for the individuals who brought it down on the county’s agencies.
http://www.hpenews.com/tvilletimes/county-suffers-cyber-attack/article_5295174a-1689-11e8-9c61-07e04f75894d.html

Homeland Security chief touts effort on election cybersecurity
As part of the meetings, Homeland Security and officials with the Office of Director of National Intelligence and the FBI gave state officials a classified briefing on foreign threats to U.S. election infrastructure. According to The New York Times, some state officials were disappointed by the classified briefing on Friday because it did not offer clear information about the Russia threat.
http://thehill.com/policy/cybersecurity/374600-homeland-security-chief-touts-effort-on-election-cybersecurity

Lesser-Known North Korea Cyber-Spy Group Goes International: Report
The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis said. “Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said. “We believe this is a big thing”.
https://www.usnews.com/news/world/articles/2018-02-20/lesser-known-north-korea-cyber-spy-group-goes-international-report

US preparing ‘bloody nose’ cyber attacks on North Korea
A cyber assault could cripple Pyongyang’s online communications and ability to control its military, causing huge disruption but avoiding the loss of life. It may also assuage concerns that a conventional attack against missile sites or nuclear facilities by the US could trigger a massive counter-strike by Kim Jong-Un. Quoting senior US intelligence sources, Foreign Policy magazine said there has been a “nearly unprecedented scramble inside the agencies responsible for spying and cyber warfare” aimed at the Korean Peninsula.
http://www.telegraph.co.uk/news/2018/02/20/us-preparing-bloody-nose-cyber-attacks-north-korea/

Commentary: Russian general plots our cyber downfall
“A perfectly thriving state can, in a matter of months, and even days, be transformed into an arena of fierce armed conflict, become a victim of foreign intervention, and sink into a web of chaos, humanitarian catastrophe, and civil war. … the role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, have exceeded the power and force of weapons in their effectiveness.” In some military circles this is now known as “The Gerasimov Doctrine.” Gerasimov has risen to the position of chief of staff of the Russian military.
https://www.sltrib.com/opinion/commentary/2018/02/17/commentary-russian-general-plots-our-cyber-downfall/

US suspicious of Mexico’s request for help in spyware investigation: report
Mexican President Enrique Peña Nieto ordered a federal investigation into the matter after the Times published a bombshell report in June detailing an extensive spy campaign against distinguished human rights lawyers, journalists and academics in Mexico. The surveillance was conducted with government-acquired spying technology. […] But American officials rebuffed the requests over suspicions that the Mexican government wanted to publicly tout U.S. involvement to make the government probe seem credible.
http://thehill.com/policy/cybersecurity/374620-us-suspicious-of-mexicos-request-for-help-in-spyware-investigation

Twitter Was Warned Repeatedly About This Fake Account Run By A Russian Troll Farm And Refused To Take It Down
@TEN_GOP gained enough support from the far right that when it was finally shut down, commentators like Reddit’s pro-Trump r/the_donald forum expressed outrage. Jack Posobiec, a pro-Trump internet activist who himself has more than 213,000 Twitter followers, questioned the action when Twitter temporarily suspended the account in July. “Fascinating,” Posobiec told BuzzFeed News this week. “We have to learn more about their operations. It’s been their tactic since the KGB in the ’70s to turn Americans against one another.”
https://www.buzzfeed.com/kevincollier/twitter-was-warned-repeatedly-about-this-fake-account-run

Fake news “vaccine”: online game may “inoculate” by simulating propaganda tactics
Players build audiences for their fake news sites by publishing polarizing falsehoods, deploying twitter bots, photo-shopping evidence, and inciting conspiracy theories in the wake of public tragedy – all while maintaining a “credibility score” to remain as persuasive as possible. The psychological theory behind the research is called “inoculation”: “A biological vaccine administers a small dose of the disease to build immunity. Similarly, inoculation theory suggests that exposure to a weak or demystified version of an argument makes it easier to refute when confronted with more persuasive claims,” says a researcher.
http://www.homelandsecuritynewswire.com/dr20180220-fake-news-vaccine-online-game-may-inoculate-by-simulating-propaganda-tactics

Cybersecurity ETFs to Go a Long Way
As per the source, the latest budget proposal assigns $210 million to the Technology Modernization Fund for the transition of federal IT from legacy systems to modern platforms. The budget also allots $45.8 billion for civilian IT funding in fiscal 2019, a moderate rise from fiscal 2018’s $45.6 billion. According to Gartner, global enterprise security spending will reach $96.3 billion in 2018 – marking 8% growth from the 2017 expected level of $89 billion.
https://www.nasdaq.com/article/cybersecurity-etfs-to-go-a-long-way-cm924031

Flight-sim devs say hidden password-dump tool was used to fight pirates [Updated]
“We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers, so we decided to capture his information directly—and ONLY his information (obviously, we understand now that people got very upset about this—we’re very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts.”
https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

APTSimulator – A toolset to make a system look as if it was the victim of an APT attack
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases:
· POCs: Endpoint detection agents / compromise assessment tools
· Test your security monitoring’s detection capabilities
· Test your SOC’s response on a threat that isn’t EICAR or a port scan
· Prepare an environment for digital forensics classes
https://www.kitploit.com/2018/02/aptsimulator-toolset-to-make-system.html

Macro-Based Multi-Stage Attack Delivers Password Stealer
“Indeed, this approach can be very risky for the malware author. If any one stage fails, it will have a domino effect on the whole process. Another noticeable point is that the attack uses file types (DOCX, RTF and HTA), that are not often blocked by email or network gateways unlike the more obvious scripting languages like VBS, JScript or WSF,” Trustwave concludes.
https://www.securityweek.com/macro-based-multi-stage-attack-delivers-password-stealer

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.